FDA Says Health IT Should Be Regulated According to 'Functionality'

A recently released report (.pdf) from the federal Food and Drug Administration (FDA) proposes regulating health management health information technology (IT) based on where and how the IT product is used, and not on platforms or product names and descriptions. APTA provided comments on a draft version of the report, which sets the stage for a more nuanced approach to how the government may regulate health IT applications ranging from billing software to robotic surgical control.

The proposed strategy identifies 3 types of health IT functions—administrative, health management, and medical device—and evaluates levels of risk associated with each. Administrative IT functions such as billing and claims processing, inventory management, and scheduling "pose limited or no risk to patient safety and, thus, do not require additional oversight," the report states. The FDA describes health management IT—applications such as provider order entry, patient identification, and access to clinical results—as slightly higher-risk but still not a particular target for FDA oversight. In fact, the report states, even if a particular product meets the definition of a "medical device," if its functionality is within the health management area, "FDA does not intend to focus its oversight on it."

The agency would continue to focus attention on medical devices whose functionality "generally pose a greater risk to patient safety."

APTA presented case scenarios in its comments to the FDA to illustrate its concerns about consumer safety with certain unregulated fitness and wellness health applications. APTA did not request regulation of these health technologies, but advocated for monitoring and enforcement mechanisms. The FDA took note of the concerns, and reiterated in the Health IT report that it “intends to exercise enforcement discretion," even when the applications don't fall into the FDA's high risk categories, a position the agency published in earlier draft guidance documents issued in response to stakeholder comments.

The framework that the FDA proposes for the future of health management health IT consists of 4 "key priority areas:" the identification and adoption of best practices, the use of tools that can assess IT quality, the creation of "an environment of learning and continual improvement," and the establishment of a "Health IT Safety Center" that would allow the public and private sectors to share information on how to continually improve health IT safety and accountability.

The report was required as part of the Food and Drug Administration Safety and Innovation Act of 2012. The Federal Communications Commission and the US Department of Health and Human Services also contributed to the report.